The Top Banking Fraud Types to Watch in 2024
About this white paper
A staggering five percent of corporate revenue is lost to fraud every year, totaling US$4.7 trillion globally according to the ACFE. And fraud is growing, relentlessly.
Read about the evolving tactics of fraudsters in 2024, from conventional scams to sophisticated deep fakes, and discover how cutting-edge technology like NetGuardians’ AI-driven anti-fraud systems and collaborative initiatives like Community Scoring & Intelligence Service can fortify the fight against fraud.
USE THE TABLE OF CONTENTS BELOW TO NAVIGATE THROUGH THE PAGE:
1. Introduction
The latest fraud stats make uncomfortable reading.
Fraud is growing – relentlessly.
One in four people globally have fallen victim to fraud, resulting in losses of US$1.026 trillion per year, according to the Global State of Scams 2023 report, published by the non-profit Global Anti-Scam Alliance (GASA). The report is based on survey responses from more than 49,000 people in 43 countries and revealed that almost 80 percent of respondents experienced at least one scam in the past year and 59 percent said they encountered fraud attempts at least once a month.
Sadly, GASA’s figure for overall losses does not tell the whole story – only a small percentage of frauds is reported. Mike Haley, CEO of Cifas, the UK’s fraud-prevention umbrella group, estimates that 86% of cases go unreported and the FBI puts the proportion as high as 93%. Moreover, GASA’s data cover only individual victims and their losses. The most recent Report to the Nations, a biennial research exercise by the Association of Certified Fraud Examiners (ACFE), suggested that alongside individual losses, up to five percent of corporate revenue globally is now lost to fraud every year – an estimated US$4.7 trillion.
This is partly due to pressures from the global economic downturn because crime, including fraud, tends to increase when economic conditions worsen. However, it is also getting easier to commit fraud. For those without technical computer knowledge, crime- or fraud-as-a-service (CaaS), easily found on the dark web as well as on Telegram and other messaging platforms, means software can now be rented or licensed in exactly the same way users pay for Microsoft. Ransomware packages, for example, are available for US$1,000 a month. This, too, will help drive up fraud losses throughout 2024.
But it’s not just the economic crisis and CaaS that will fuel growth. Enhanced with new and powerful tools such as generative AI, which criminal gangs are using to create text and video content to promote their scams, financial fraud has morphed into a large and well-organized global industry.
In Asia, multiple reports indicate that the huge potential proceeds from online fraud are fueling human trafficking and modern slavery. Gangs use fake job adverts to lure victims into traveling to countries such as Cambodia, Myanmar, Indonesia or Thailand where, instead of a well-paid job, they are held captive and forced to work in online ‘fraud factories’ scamming victims.
This problem has spread beyond its original centers in Asia to become a worldwide phenomenon. There is evidence that this scam is being replicated in other regions such as West Africa, where cyber-enabled financial crime is already prevalent. It is now seen as so serious that in June 2023, Interpol issued a warning Orange Notice to its members, highlighting the global threat from fraud enabled by human trafficking.
Criminals are sticking with tried-and-tested fraud types and using phone calls, text messages, emails, instant messaging and social media posts and adverts to reach potential targets. Having said that, they are proving adept at adapting their schemes to seize on changing life and work patterns to stay one step ahead, not only of law enforcement and fraud-mitigation efforts, but also of rival criminal gangs.
“WE PREDICT A RISE IN ATTEMPTS TO INSTALL MALWARE AND EFFORTS TO OVERCOME MORE ADVANCED SECURITY MEASURES.”
Phishing scams – where they try to elicit personal information such as date of birth or passwords to help them perpetrate fraud – will remain a threat in 2024. According to the US Federal Bureau of Investigation’s latest Internet Crime Report, phishing remains the biggest single fraud type reported in the US, but individual losses were relatively small, totaling US$52 million. However, a much smaller number of investment frauds, often involving cryptocurrency schemes, led to US$3.3 billion of losses, the FBI reported.
Love, investment and delivery scams, as well as deepfakes, will continue to feature throughout 2024, as we discuss in a recent blog article. In addition, we expect to see more fraud where criminals try to impersonate work colleagues in emails, not only within companies but also in public bodies and institutions. This is a growing trend thanks to the increase in staff working from home following the pandemic and using less secure computer networks.
We also predict a rise in attempts to install malware and efforts to overcome more advanced security measures such as two-factor authentication, as well as touch or face identification. Mobile-phone SIM swaps, which we first saw in Africa, have become a growing problem elsewhere, while in Asia-Pacific mobile malware such as FluHorse and Nexus is spreading very rapidly and infiltrating smartphones worldwide. These programs are primarily engineered for credential harvesting, extracting banking and card details and obtaining SMS/Authenticator two-factor authentication codes. The information harvested enables everything from identity theft to account takeover.
As mobile banking and payments continue to rise, so will fraud. Indeed, our ever-larger digital footprints will continue to extend the potential attack surface, making identity theft as a result of hacks more likely. We will also see a further increase in ‘quishing’, where criminals use malicious QR codes to redirect users to fake websites or manipulate payments.
Thankfully, just as criminals use technology to try to commit fraud, so companies continue to develop technology that prevents it. Use of advanced software for real-time monitoring and fraud prevention is receiving additional impetus from the developing regulatory situation, which is tending to divide liability for scams between the banks that send and receive fraudulent payments. The UK Payment System Regulator’s liability model provides a recent example of this sharing of responsibility for addressing fraud.
We predict that 2024 will see further development of systems that use artificial intelligence and machine learning to spot and stop fraud without adding friction for the user. Software built specifically for banks that learns over time is proving an indispensable line of defense in the fight against fraudsters. Sharing information about frauds through initiatives such as NetGuardians’ Community Scoring & Intelligence program will also become ever-more important in the battle against the criminals.
As the threat continues to grow, so will demand from banks and their stakeholders for these effective fraud-management solutions. 2024 won’t be an open season for fraudsters as far as companies like NetGuardians are concerned.
2. The 2024 Fraud Landscape
Our survey of the 2024 payment fraud landscape follows the Fraud Classifier model produced by the US Federal Reserve’s FedPayments Improvement program. This groups fraud types according to who initiates the payment – an authorized or unauthorized party. Both types tend to involve a combination of technology tools and efforts to manipulate and dupe the victim.
However, in almost all cases, the fraud is executed by initiating payments or withdrawals from victims’ accounts that are not consistent with their normal patterns of behavior. This is the weakness in such fraud attempts that enables NetGuardians’ AI software to identify and prevent them.
Authorized frauds
Unauthorized frauds
All these frauds are frequently accompanied by money muling, whereby the stolen money is paid to someone who agrees to receive the funds and pass them on for a fee, as part of the money-laundering process. This saves the criminal organizations from having to send the funds overseas to be laundered. Instead, the funds are split and put through individuals’ accounts in amounts small enough not to trigger the bank’s minimum threshold for a suspect transaction alert.
Money muling is widespread, especially among digitally orientated banks. In the UK, young people are most likely to be targeted by fraudsters as potential money mules. In late 2022, Lloyds Bank reported that around half the money laundered in the UK passed through bank accounts belonging to people under the age of 24.
In June 2023, Europol said: “More than 90 percent of money mule transactions identified through European Money Mule Action are linked to cybercrime. The illegal money often comes from criminal activities like phishing, malware attacks, online auction fraud, e-commerce fraud, business email compromise (BEC) and CEO fraud, romance scams, holiday fraud (booking fraud) and many others.”
NetGuardians Community Scoring & Intelligence solution enables banks to receive alerts containing anonymized and encrypted information from other banks that use this software about accounts involved in money laundering. This community insight is fed back into the banks’ models in real time, helping to refine the risk scoring for every transaction that goes through each bank.